OTORIO secures US patent, claims proprietary algorithm will set standard in OT cybersecurity risk management

Industrial cybersecurity vendor OTORIO has secured a patent from the U.S. Patent and Trademark Office (USPTO) for the company’s risk management model and attack graph analysis algorithm. The vendor claims the approach sets a new standard in OT (operational technology) cybersecurity risk management. The company’s proprietary algorithm incorporates industry-standard metrics and adheres to the National Institute of Standards and Technology (NIST) Common Vulnerability Scoring System (CVSS) for vulnerability scoring, ensuring compliance with industry standards and avoiding the need for re-scoring of common risks.

The USPTO issued U.S. Patent No. 11637853, ‘Operational Network Risk Mitigation System and Method,’ for OTORIO’s algorithm simulation model, which underpins its end-to-end OT cybersecurity platform. The unique technology calculates OT cybersecurity threats by analyzing and visualizing four key components — threat, likelihood, vulnerability, and impact — and provides risk mitigation actions prioritized according to actual exposure and potential impact on operations. This enables organizations to take proactive measures to safeguard their critical assets and processes.

OTORIO’s attack vector graphs offer a dynamic visual representation of network topology for easy navigation between assets, vulnerabilities, their connections, and the security controls’ influence. This provides crucial context to OT cybersecurity posture, along with concise calls to action, enabling organizations to prioritize and address risk effectively.

The company’s monitoring capabilities empower organizations to proactively manage vulnerabilities and harden security by evaluating the likelihood of incidents across all assets, threats, and potential scenarios. Any variations in the security posture serve as a clear signal for proactive measures, enabling organizations to stay ahead of emerging threats and safeguard their operational technology.

The patent document lists the inventors as Yair Attar, Leon Levitsky, Matan Dobrushin, Aviad Elizur and Ido Peled.

“This patent recognizes our innovative approach to quantifying OT cyber risk and positions us as market leaders,” Attar, OTORIO’s co-founder and CTO, said in a media statement. “We are pleased to share this milestone with our valued customers and partners as we continue to address the most pressing regulatory and cybersecurity challenges of today.”

The patent outlines that the present invention relates to cybersecurity systems and methods and, more particularly but not exclusively, to industrially-dedicated automated orchestration and response systems and methods. 

Its abstract describes the patent as a ‘computer network risk mitigation system that includes a computerized platform configured to utilize gathered contextual data regarding cyber-risk metrics in an OT network. The computerized platform is configured to conduct network configuration changes in accordance with the gathered contextual data in order to mitigate cyber-security threats. Methods for refining a network attack graph and for utilizing risk score evaluation are also described.’

The patent document said that the present invention provides a computer network risk mitigation system and method that can evaluate network security state, prioritize risk mitigation steps, and utilize protective measures upon OT networks. “Said system and method may utilize contextual information regarding cyber threats to operational networks and assets and provide various organization-specific continuous views of cyber risk metrics. Said system and method may further use a simulated attack analysis and data which can be collected from network devices and OT vulnerability reports.”

It also added that “said system and method may use the aforementioned procedures and gathered data to potentially activate automated/manual configuration or reconfiguration processes while requiring relatively low computational resources.”

By using industrial-dedicated automation tools, one can significantly reduce the time and effort that go into identifying, sorting, prioritizing, and resolving emerging security threats, the patent disclosed. “In order to achieve effective and efficient automation, there is a need to collect and prioritize relevant data which in turn may help security teams to focus their resources on fixing the most critical vulnerabilities first. Such fixing may involve any software/application/component with detected vulnerabilities and may require various remediations.” 

After establishing which vulnerabilities require the most immediate attention, and mapping out a timeline and a work plan for the fix, the fixing may begin. Vulnerability remediation in proprietary code requires considering the root cause of a security vulnerability that needs to be fixed.

Remediation of a given piece of code might include software patching, disabling the vulnerable process, removing a vulnerable component, updating system configuration/conducting configuration changes, or updating the platform or service that is used by the network/team. These procedures, if successful, may serve to provide a good permanent solution to a detected security vulnerability.

The patent document outlined that after a fix or patch is deployed, it’s important to continue monitoring it to ensure its security and verify that the fix does not affect other processes or configurations within the system. In addition, newly discovered security vulnerabilities might raise a need to add more security layers to a system’s parameters. These procedures may be performed manually or by machine. 

Achieving correct prioritization with good performance (timely and accurate) is highly important and has a practical effect on the feasibility of implementation by the operational personnel. However, determining optimal prioritization could be challenging due to the increased complexity and scale of the IT and OT networks, the lack of cybersecurity skills within operation teams, and the need to incorporate threat intelligence information regarding various vulnerabilities as well as possible business impacts along with operational requirements. 

Thus, there is a need to provide a system and method that can utilize contextual information regarding cyber threats to operational networks and assets and provide an organization-specific continuous view of cyber risk metrics along with deep insights regarding cybersecurity stature. These metrics can be used to potentially activate automated/manual configuration or reconfiguration processes, such as network, OT, ICS, or other manufacturing floor changes used for risk mitigation.

The patent said that “said system and method may use a simulated attack analysis and data that can be automatically collected from network devices and OT vulnerability reports. The results of such analysis simplify various industrial security operations, including periodical risk assessments and compliance audits, penetration testing, forensic investigations, and real-time alterations of OT, ICS, or to other manufacturing floor components.”

Moreover, there is a need to improve both the level at which business-specific attributes are incorporated within the evaluation of the security metrics, as well as the computational efficiency of said security metrics. 

The proposed invention presents a systematic approach for evaluating network security state, prioritizing risk mitigation steps, and utilizing protective measures upon OT networks.

Last month, OTORIO and ServiceNow released survey results revealing that OT has become a key component of critical infrastructure and industrial manufacturing, including power grids, transportation networks, and manufacturing facilities. The OTORIO-ServiceNow survey also identifies a definitive shift in OT cybersecurity strategy mindset from visibility (reactive approach) to risk management (preventative approach), indicating that 2023 and 2024 will be pivotal for operational security and critical infrastructure.
